exploitDog

CVE-2015-3950

Опубликовано: 05 июн. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.

Ссылки

http://www.securityfocus.com/bid/75032
https://ics-cert.us-cert.gov/advisories/ICSA-15-155-01
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/75032
https://ics-cert.us-cert.gov/advisories/ICSA-15-155-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:xzeres:442sr_os:-:*:*:*:*:*:*:*

cpe:2.3:h:xzeres:442sr:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00065

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-m359-63q6-c3cc

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.

EPSS

Процентиль: 20%

0.00065

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352